General

  • Target

    Loader.rar

  • Size

    3.8MB

  • Sample

    240623-1c8tqssgkc

  • MD5

    2e89f31739c6ac701ded0ed7a6847a5d

  • SHA1

    5279e1b9c4f0474a8e19bf4f21181ca7645c28e1

  • SHA256

    3d346f297b45a547dae58303d7c92363a4013f4df0ebe5af8405215fc306761c

  • SHA512

    4030e3502b1a21bb46de8befc1c7c26b1117dd650ef31ba69f3fb0fe42a390fc097a0bb4e6948e7d6f811d10075b927196f9000cd6f83229ca9773aee0b08bb3

  • SSDEEP

    49152:Mhhd0zA/0ng+3ByAL0imfEsKoDaaKToTpLDJdThvIP3JfJl6S6A1oFjEv7jJbSj:M7j+xyKKEsFWzY5dTh83NJlyjEv7jlSj

Malware Config

Extracted

  • Language

    ps1

  • Source

    ps1.dropper

  • URLs

    https://rentry.org/Lk51111111/raw

Targets

    • Target

      Loader/Launcher.dll

    • Size

      7.5MB

    • MD5

      cbb81f28c5a509e4f7e3e44bc7da74f8

    • SHA1

      47145f07bc7d0083d3bd13a9da44bac740952029

    • SHA256

      413bf9c2cff6fe7b97eae199683df7f6d648fad4c25cb6d0b7dce335eb69edba

    • SHA512

      bc863ebb2f5fd66f342be8befb49889dd275adb15cff95ed378e185190091589c8d1d7a8902ca889a7b2af81588c731bfa0a930f074fecadd9b47a082966079c

    • SSDEEP

      98304:koD5geAsEDKN0xOLy2MsmCkQejop7PGXleggxF:kfD/mexOLy0GoNPGXledT

    Score: 1/10

    • Target

      Loader/Loader.exe

    • Size

      7KB

    • MD5

      a59db21c45ddbf490cb3dbc04a4482b5

    • SHA1

      df2dfcadf42b704b1411ad206d4c2daeab0de0d1

    • SHA256

      d576ea6364ee599b140b2acb69a0b1e1bad3450dca5716d1f582a65340b28656

    • SHA512

      0c9042be85607f3e8b9e70f3b99d79761046653e770813a22a627616e35e4ade5677566e71512dc73e50fbe5a32d148b31420c3930060070f4894d9f8f2747df

    • SSDEEP

      192:gSP9nqvjXP3xszgz8mocPcKz4UbvkVQ+cPcKQ8w/HvvNu5dO:gSP9qvLJO9NcPcEkVQ+cPc15v4vO

    • Rhadamanthys

      Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      Loader/mainf.dll

    • Size

      6KB

    • MD5

      dfbad6728654395df7cdc4626686bdd7

    • SHA1

      63686f523d7b4bf33c6184ce7d870fa326ce4bba

    • SHA256

      ba7ee4cc8044c4aeac2c9b698a32a6d01020097e14730abc7040cd9f0ee0608c

    • SHA512

      e2ff8afcd090adc2a846152fa5f0055ade47b8d9a19e6d2ff1f20092b987db98729388142f56af716b8dc659e66188ecfa4ba35b55353e7636a58a78c7ce6abd

    • SSDEEP

      96:VUttOfbCgQSbvu/r8NfrHkuixR+0NGUA5ATvHV+f4zUh:V6FgGr8B2R+0M1+rV+Qg

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Command and Scripting Interpreter (T1059): 1

  • PowerShell (T1059.001): 1

Discovery

  • Query Registry (T1012): 1

  • System Information Discovery (T1082): 2

Command and Control

  • Web Service (T1102): 1

Tasks